01.ExploitDev_101.pdf

Exploit Development 101
W. Owen Redwood
Offensive Computer Security 2.0
http://hackallthethings.com/
Outline
1. Exploitation Theory
2. Types of values to fuzz
3. Some advanced fuzzing techniques
4. Exploit 101
5. Stack overview
6. Examples
7. Live Demo
Exploitation Theory
VON NEUMANN ARCHITECTURE
● most popular system model
  ○ 45+ years old and going strong
● Cannot distinguish between data & instructions
  ○ major reason for so much hacking and malware
● instructions and data stored in the same memory
  ○ allows for self-modifying code
  ○ b/c old machines were hard to set up!!!
    ■ took weeks to set up an old ENIAC!
  ○ systems are different now, but much much more complex
● The ability to treat instructions as data allows for assemblers, compilers, and other automated programming tools to exist
FANTASTIC READ:
http://www.nytimes.com/2012/10/30/science/rethinking-the-computer-at-80.html?pagewanted=all&_r=0
Exploitation Theory
Harvard architecture
● Uncommon -> Common
  ■ made sense back in the tape/card days...
  ■ Now AVR microcontrollers..
    ● Arduino, ARM
  ○ physically separates data and instructions
    ■ entirely different address spaces
  ○ separate signal pathway
● most modern processors implement small parts of a modified Harvard architecture
  ○ to support loading a program from disk storage as data, and then executing it
Other Architecture Ideas and Trends
● Tagged architecture (theoretical)
  ○ Each piece of data in the system carries credentials
    ■ an encryption code that ensures that the data is one that the system trusts
    ■ CPU will not process data with bad credentials
● Capability architecture (theoretical)
  ○ requires every software object to carry metadata and specific permission information that describes its access rights on the computer
    ■ check is done by a special part of the CPU
● Trusted Computing Base (TCB)
● Formal methods....
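A runnable toy model of the two ideas above, the Von Neumann slide's "cannot distinguish data from instructions" and the tagged architecture's "CPU will not process data with bad credentials". This is an added example, not code from the slides: the accumulator instruction set, the sample program, and the simplification of the slide's cryptographic credential down to a plain CODE/DATA label per word are all constructed here.

```python
# Added toy model (not the slides' code): the same program runs on untagged
# memory (Von Neumann) and on memory where every word carries a CODE/DATA tag.
class TagViolation(Exception): pass

HALT, LOAD, ADD, STORE = 0, 1, 2, 3         # toy instruction set, one word each

def enc(op, arg):
    return op * 256 + arg                    # opcode in the high byte, operand low

class TinyCPU:
    """Accumulator machine over memory = list of [value, tag] cells."""
    def __init__(self, mem, tagged):
        self.mem, self.tagged, self.acc, self.pc = mem, tagged, 0, 0
    def fetch(self, addr):
        value, tag = self.mem[addr]
        if self.tagged and tag != "CODE":    # tagged CPU refuses to execute data
            raise TagViolation(f"fetch @{addr}: word tagged {tag}")
        return value
    def store(self, addr, value):
        if self.tagged and self.mem[addr][1] == "CODE":
            raise TagViolation(f"store @{addr}: code words are not writable")
        self.mem[addr][0] = value            # untagged: silently rewrites the program
    def run(self, max_steps=64):
        for _ in range(max_steps):
            op, arg = divmod(self.fetch(self.pc), 256)
            self.pc += 1
            if op == HALT:
                return self.acc
            if op == LOAD:
                self.acc = self.mem[arg][0]
            elif op == ADD:
                self.acc += self.mem[arg][0]
            elif op == STORE:
                self.store(arg, self.acc)
            else:
                raise ValueError(f"bad opcode {op} at {self.pc - 1}")
        raise RuntimeError("no HALT reached")

def build_memory(store_target):
    """Constructed program: acc = mem[8] + mem[9]; STORE acc -> store_target; HALT."""
    code = [enc(LOAD, 8), enc(ADD, 9), enc(STORE, store_target), enc(HALT, 0)]
    mem = [[v, "CODE"] for v in code] + [[0, "DATA"] for _ in range(8)]
    mem[8][0], mem[9][0] = 256, 9            # sum 265 happens to decode as LOAD 9
    return mem

def execute(store_target, tagged):
    # store_target=10 is the honest program; store_target=3 writes over HALT
    try:
        return TinyCPU(build_memory(store_target), tagged).run()
    except TagViolation as err:
        return f"blocked: {err}"
```

With the honest program both machines return 265; with the store aimed at address 3 the untagged machine overwrites its own HALT, executes the data value 265 as "LOAD 9" and returns 9, while the tagged machine stops at the store with a TagViolation.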